3 Ways to Use Okta and Workato for Amazing Integrated Identity and Access Management

August 25, 2017

We’re excited to be partners with Okta and Atlas Identity in order to deliver a no-code platform for Identity and Access Management (IAM) workflows and automations. The Okta connector enables Okta to be integrated into a range of innovative business processes that you can automate from Workato, including Okta acting as a trigger for downstream actions, like multi-channel notifications, sophisticated integrations such as provisioning, or polling Okta for identity information to enable secure workflows. The connector also enables Okta to act as a consumer of events and data from other apps, like HR, Service Management, SIEM, and more.

With so many possibilities, where do you start? Here are three use cases you can implement right away!

1) Take action based on events in Okta.

With the new connector, you can plug Okta into a limitless range of event-based workflows. For example, you can automate the escalation of security issues. A security notification from Okta (e.g. for an unusual login pattern) can trigger a new ticket in ServiceNow, send it to PagerDuty, and post a notification in the relevant Slack channel.

You can also use the connector to construct an app onboarding workflow. When a user is provisioned for an app, the tutorials and policies for that app are automatically sent to the user via email. Similarly, you can create a workflow for multi-channel notifications. When a user account is deactivated, for example, that user’s manager is sent a Slack message.

Our new connector enables you to fully automate your employee or partner lifecycles, from Step A to Step Z. For example, when a new employee signs their offer letter in an HR app—like Workday or Zenefits—it will trigger the creation of a new Okta user. The workflow can then automatically provision that new user across all associated systems.

When a person’s role changes due to a promotion or a team shift, another workflow can seamlessly change or add program access as applicable, updating the Okta directory accordingly. Or, when an employee leaves and is marked so in the HR system, a recipe can deactivate the user right away.

Partner onboarding and offboarding work similarly. When a partner signs a DocuSign contract, a recipe can automatically provision an account for that partner so they can access the partner portal, for example.

3) Do everything from Slack using Workbot.

Of all the integration opportunities the new connector offers, perhaps the most exciting is the ability to do work directly with Okta from Slack using Workbot. You can easily execute approval workflows; for example, when a new sales employee added in your HR app, a recipe sends a message via Workbot indicating that the employee was added. The message will prompt you to approve the addition, then automatically create an Okta user in the Sales group.

You can also use Slack as your home base for security ops workflows. The new connector allows you to view, activate, deactivate, create, and delete users directly from Workbot. You can also fetch a list of all logins from an IP address or a list of all active logins of a user across devices.

Best of all, you can receive actionable notifications from Workbot. If there’s an anomalous login pattern, for example, you can receive a notification in a dedicated Slack security channel. You can then act on the notification without leaving Slack. And if an account is activated or deactivated in Okta, that user’s manager can receive a notification immediately.

Most importantly, these examples are just that — identity and access management workflow examples for inspiration. Our new Okta connector is highly customizable, you can tweak these use cases or build your own.

Ready to build better integrated workflows with Okta? Get started here.